<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="keywords" content="SecWiki，维基，安全，资讯，专题，导航，RSS聚合，Ｗeb安全，Ｗeb安全，移动平台，二进制安全，恶意分析，网络安全，设备安全，运维技术，编程技术，书籍推荐">
	<title>SecWiki周刊（第143期)</title>
	<link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/styles.css" />
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/people.css" />
    <link rel="shortcut icon" href="https://secwiki.b0.upaiyun.com/img/favicon.ico">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="//upcdn.b0.upaiyun.com/libs/jquery/jquery-1.8.3.min.js"></script>
</head>

<body>
<div class="navbar navbar-fixed-top"><div class="navbar-inner"><div class="container"><a class="btn btn-navbar" data-toggle="collapse" data-target="#yii_bootstrap_collapse_0"><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></a><a href="/index.php" class="brand"><img src="https://secwiki.b0.upaiyun.com/logo.jpg" alt="" /></a><div class="nav-collapse collapse" id="yii_bootstrap_collapse_0"><form class="navbar-search pull-right" action="/news/search">
         <input type="text" class="search-query span2" name="wd" placeholder="SecWiki">
        </form>
    	<ul id="yw0" class="nav"><li><a href="/index.php">首页</a></li><li><a href="/event">新闻</a></li><li><a href="/news">技术</a></li><li><a href="/skill">技能</a></li><li><a href="/topic">专题</a></li><li><a href="/book">书籍</a></li><li><a href="/user/members">成员</a></li><li><a href="/opml/index">聚合</a></li><li><a href="/tougao/create">投稿</a></li></ul></div></div></div></div>
<div class="container" id="page">
			<!-- breadcrumbs -->
	
    <div style="margin-left: 15px;">
	    <div class="row-fluid">
    <div id="content">
            <link rel="stylesheet" type="text/css" href="/css/mweekly.css"/>

<h5><strong>SecWiki周刊（第143期）</strong></h5>
<blockquote> 2016/11/21-2016/11/27</blockquote>
<section id="news">
    <div class="weeklydivide">
      <strong>安全资讯</strong>
    </div><div class="single"><span id="tags">[爆库]&nbsp;&nbsp;</span>GitHub 800万用户信息遭泄露 附下载地址<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzI2MDExMzg5NQ==&amp;mid=2652475044&amp;idx=1&amp;sn=b6eecc8bf73cb4a217484e9a509dedcd&amp;chksm=f183ba2cc6f4333abbd4c59c9e31bdfac3cdc94cd1b6eed004ada862b12d46523625dea6da1d&amp;mpshare=1&amp;scene=1&amp;srcid=1124gjxAAhzN4yJFc8pmOiE8#rd">http://mp.weixin.qq.com/s?__biz=MzI2MDExMzg5NQ==&amp;mid=2652475044&amp;idx=1&amp;sn=b6eecc8bf73cb4a217484e9a509dedcd&amp;chksm=f183ba2cc6f4333abbd4c59c9e31bdfac3cdc94cd1b6eed004ada862b12d46523625dea6da1d&amp;mpshare=1&amp;scene=1&amp;srcid=1124gjxAAhzN4yJFc8pmOiE8#rd</a></div><div class="single"><span id="tags">[事件]&nbsp;&nbsp;</span>美国NSA局长表示DNC电子邮件泄漏是故意行为<br><a target="_blank" href="http://www.mottoin.com/92399.html">http://www.mottoin.com/92399.html</a></div><div class="single"><span id="tags">[会议]&nbsp;&nbsp;</span>补天白帽沙龙江西站火热开启报名-更多福利戳这里<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzA5ODMyMzQ1OQ==&amp;mid=2698432208&amp;idx=1&amp;sn=8c838ae67d3da804a4acf7219670e8e2&amp;chksm=b5b133bc82c6baaafaefdcc2643ce49616ae8619ab7bdb22955775f9b16f182281c1caad8822&amp;mpshare=1&amp;scene=22&amp;srcid=1123Yzz0SVBfuDc9TaznPR2K#rd">http://mp.weixin.qq.com/s?__biz=MzA5ODMyMzQ1OQ==&amp;mid=2698432208&amp;idx=1&amp;sn=8c838ae67d3da804a4acf7219670e8e2&amp;chksm=b5b133bc82c6baaafaefdcc2643ce49616ae8619ab7bdb22955775f9b16f182281c1caad8822&amp;mpshare=1&amp;scene=22&amp;srcid=1123Yzz0SVBfuDc9TaznPR2K#rd</a></div><div class="single"><span id="tags">[事件]&nbsp;&nbsp;</span>美国海军遭黑客攻击，泄露1.3万人员信息<br><a target="_blank" href="http://www.mottoin.com/92570.html">http://www.mottoin.com/92570.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Shellphish CGC背后的故事<br><a target="_blank" href="https://www.inforsec.org/wp/?p=1550&amp;sukey=72885186ae5c357dccd01f069ec222e3232c5beea1b231d1908036259da358374b9ee52461cb6907fa0eb4316cb54b30">https://www.inforsec.org/wp/?p=1550&amp;sukey=72885186ae5c357dccd01f069ec222e3232c5beea1b231d1908036259da358374b9ee52461cb6907fa0eb4316cb54b30</a></div><div class="single"><span id="tags">[会议]&nbsp;&nbsp;</span>SyScan360国际前瞻信息安全会议24日场<br><a target="_blank" href="http://www.mottoin.com/92577.html">http://www.mottoin.com/92577.html</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>《2016中国Cybersecurity创业调查报告》全文图解<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&amp;mid=404654875&amp;idx=2&amp;sn=cf2db78ccabaea53025013bb2bdfe44a&amp;mpshare=1&amp;scene=2&amp;srcid=1124mCcMkAYU1o5dy9jatnAE&amp;from=timeline#rd">http://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&amp;mid=404654875&amp;idx=2&amp;sn=cf2db78ccabaea53025013bb2bdfe44a&amp;mpshare=1&amp;scene=2&amp;srcid=1124mCcMkAYU1o5dy9jatnAE&amp;from=timeline#rd</a></div><div class="single"><span id="tags">[事件]&nbsp;&nbsp;</span>黑客团队入侵并公布了Mega.nz源码数据<br><a target="_blank" href="http://www.mottoin.com/92433.html">http://www.mottoin.com/92433.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>美国国土安全部发布《物联网安全指导原则》<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MjM5NjA0NjgyMA==&amp;mid=2651062334&amp;idx=2&amp;sn=65b5af9571e5bcf9d2ecff759dd11226&amp;chksm=bd1f92b58a681ba392ef48122488a314e7eb7a710f40230d396d9f2ddbcff7c89225a24734e0&amp;mpshare=1&amp;scene=2&amp;srcid=1120P1w6TGlfKolJ8ZYpNrU4&amp;from=timeline#rd">http://mp.weixin.qq.com/s?__biz=MjM5NjA0NjgyMA==&amp;mid=2651062334&amp;idx=2&amp;sn=65b5af9571e5bcf9d2ecff759dd11226&amp;chksm=bd1f92b58a681ba392ef48122488a314e7eb7a710f40230d396d9f2ddbcff7c89225a24734e0&amp;mpshare=1&amp;scene=2&amp;srcid=1120P1w6TGlfKolJ8ZYpNrU4&amp;from=timeline#rd</a></div><div class="single"><span id="tags">[会议]&nbsp;&nbsp;</span>2016 SyScan360：六大不得不看的议题 <br><a target="_blank" href="http://www.aqniu.com/industry/21219.html">http://www.aqniu.com/industry/21219.html</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>FBI展开史上最大规模网络行动 针对120个国家8000个IP进行入侵<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzI4MjA1MzkyNA==&amp;mid=2655294614&amp;idx=1&amp;sn=19b63ab0d5a314b8bcdddafb9b9431fe&amp;chksm=f02fe8ddc75861cba18fba86db4ac4933a02a5fc62e7a364729812259dfeb78351cc7dcf8428&amp;mpshare=1&amp;scene=1&amp;srcid=1124tUwbt00UqSDbzsbPYr5x#rd">http://mp.weixin.qq.com/s?__biz=MzI4MjA1MzkyNA==&amp;mid=2655294614&amp;idx=1&amp;sn=19b63ab0d5a314b8bcdddafb9b9431fe&amp;chksm=f02fe8ddc75861cba18fba86db4ac4933a02a5fc62e7a364729812259dfeb78351cc7dcf8428&amp;mpshare=1&amp;scene=1&amp;srcid=1124tUwbt00UqSDbzsbPYr5x#rd</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>腾讯发布2016微信生态安全报告 累计处理谣言文章20多万篇<br><a target="_blank" href="http://news.qq.com/a/20161124/039113.htm">http://news.qq.com/a/20161124/039113.htm</a></div><div class="single"><span id="tags">[人物]&nbsp;&nbsp;</span>段钢：自从那个冬夜看雪，一晃已是十六年 <br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&amp;mid=2652876305&amp;idx=1&amp;sn=a1641265e33663d81d2163596368d35a&amp;chksm=f3414139c436c82f7aa4bfc23f67a92975f076b4227cf2e781679165ae993bdf41c5695757c5&amp;mpshare=1&amp;scene=1&amp;srcid=1121iQgkNlBmqB6Tkvvvh7nK#rd">http://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&amp;mid=2652876305&amp;idx=1&amp;sn=a1641265e33663d81d2163596368d35a&amp;chksm=f3414139c436c82f7aa4bfc23f67a92975f076b4227cf2e781679165ae993bdf41c5695757c5&amp;mpshare=1&amp;scene=1&amp;srcid=1121iQgkNlBmqB6Tkvvvh7nK#rd</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>安全的进化论（二）：来说说态势感知 <br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&amp;mid=2652876370&amp;idx=1&amp;sn=b35fb93d9837afafa8025a7fa511e8eb&amp;chksm=f341417ac436c86c1d379340bf4942fcac669579085e3f888f718b6ef022377dab3aafc8dec5&amp;mpshare=1&amp;scene=2&amp;srcid=1123zlifjW1YOmI7HkWmlvfh&amp;from=timeline#rd">http://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&amp;mid=2652876370&amp;idx=1&amp;sn=b35fb93d9837afafa8025a7fa511e8eb&amp;chksm=f341417ac436c86c1d379340bf4942fcac669579085e3f888f718b6ef022377dab3aafc8dec5&amp;mpshare=1&amp;scene=2&amp;srcid=1123zlifjW1YOmI7HkWmlvfh&amp;from=timeline#rd</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>威胁情报：我有药，你有病吗？<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzA3MTEwNDE1NA==&amp;mid=2649431880&amp;idx=1&amp;sn=ec914ebce88ff79dc69690eb875e5d30&amp;chksm=872d1cbdb05a95ab949e78a1d6e58dac863aaa71e51e8be1ac230ecf56c541788629b0c04eee&amp;mpshare=1&amp;scene=2&amp;srcid=1123B4v8u6zooJSOlbiWNvIA&amp;from=timeline#rd">http://mp.weixin.qq.com/s?__biz=MzA3MTEwNDE1NA==&amp;mid=2649431880&amp;idx=1&amp;sn=ec914ebce88ff79dc69690eb875e5d30&amp;chksm=872d1cbdb05a95ab949e78a1d6e58dac863aaa71e51e8be1ac230ecf56c541788629b0c04eee&amp;mpshare=1&amp;scene=2&amp;srcid=1123B4v8u6zooJSOlbiWNvIA&amp;from=timeline#rd</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>针对藏族人群的恶意程序 KeyBoy <br><a target="_blank" href="http://www.solidot.org/story?sid=50451">http://www.solidot.org/story?sid=50451</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>黑客小说：杀手 （第十章 回忆）<br><a target="_blank" href="http://www.jianshu.com/p/0c6330a17bce">http://www.jianshu.com/p/0c6330a17bce</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>2015年全球网安市场重大M&amp;A汇总<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzAwNDE4Mzc1NA==&amp;mid=2650825053&amp;idx=1&amp;sn=58972d5b2481916769f99ed6580f3b9c&amp;chksm=80db02f8b7ac8bee2c0cf9df78b9144b41432d88d86e30173f5ba79f1034e8fcc6b6544f0bba&amp;mpshare=1&amp;scene=2&amp;srcid=1123ToQLG9Ze7BHNctSWmRlI&amp;from=timeline#rd">http://mp.weixin.qq.com/s?__biz=MzAwNDE4Mzc1NA==&amp;mid=2650825053&amp;idx=1&amp;sn=58972d5b2481916769f99ed6580f3b9c&amp;chksm=80db02f8b7ac8bee2c0cf9df78b9144b41432d88d86e30173f5ba79f1034e8fcc6b6544f0bba&amp;mpshare=1&amp;scene=2&amp;srcid=1123ToQLG9Ze7BHNctSWmRlI&amp;from=timeline#rd</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全技术</strong>
    </div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Kali-Linux-2016.2(Rolling) 更新源<br><a target="_blank" href="https://www.ohlinge.cn/kali/rolling.html">https://www.ohlinge.cn/kali/rolling.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>kcws:深度学习中文分词（字嵌入+Bi-LSTM+CRF）<br><a target="_blank" href="https://github.com/koth/kcws">https://github.com/koth/kcws</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>OpenWAF: OpenWAF是基于openresty的Web应用防护系统（WAF）<br><a target="_blank" href="https://github.com/titansec/OpenWAF">https://github.com/titansec/OpenWAF</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>BlindWaterMark:  Python编程实现的盲水印<br><a target="_blank" href="https://github.com/chishaxie/BlindWaterMark">https://github.com/chishaxie/BlindWaterMark</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>互联网业务安全的黑灰产业链的故事 - 【途牛风控】<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzI4NTIxNjczMA==&amp;mid=2247483766&amp;idx=1&amp;sn=9af29dae213d976a958ad471fdf566b4&amp;chksm=ebeedbc3dc9952d51da18d2ed57d993370d60a0d6e2108ef528c756597d4894e86bcc87db5cc&amp;mpshare=1&amp;scene=1&amp;srcid=1122KxR8gXNoYfNEr1VXj7KQ#wechat_redir">http://mp.weixin.qq.com/s?__biz=MzI4NTIxNjczMA==&amp;mid=2247483766&amp;idx=1&amp;sn=9af29dae213d976a958ad471fdf566b4&amp;chksm=ebeedbc3dc9952d51da18d2ed57d993370d60a0d6e2108ef528c756597d4894e86bcc87db5cc&amp;mpshare=1&amp;scene=1&amp;srcid=1122KxR8gXNoYfNEr1VXj7KQ#wechat_redir</a></div><div class="single"><span id="tags">[会议]&nbsp;&nbsp;</span>SIGKDD 2016 Tutorial:Leveraging Propagation for Data Mining: Models, Algorithms <br><a target="_blank" href="http://people.cs.vt.edu/~badityap/TALKS/16-kdd-tutorial/">http://people.cs.vt.edu/~badityap/TALKS/16-kdd-tutorial/</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>SFDC 北京 Security 大会精彩分享<br><a target="_blank" href="https://segmentfault.com/a/1190000007553551">https://segmentfault.com/a/1190000007553551</a></div><div class="single"><span id="tags">[会议]&nbsp;&nbsp;</span>带你走进维也纳版的CCS2016（现场报告点评四）<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzA4ODYzMjU0NQ==&amp;mid=2652307022&amp;idx=1&amp;sn=4d8566897bad03aebab9dafa892e14bb&amp;chksm=8bc563c0bcb2ead622d9805232da36d67e8ad822a2fc114a310d8bbcd020af796b8185424d95&amp;scene=0#rd">http://mp.weixin.qq.com/s?__biz=MzA4ODYzMjU0NQ==&amp;mid=2652307022&amp;idx=1&amp;sn=4d8566897bad03aebab9dafa892e14bb&amp;chksm=8bc563c0bcb2ead622d9805232da36d67e8ad822a2fc114a310d8bbcd020af796b8185424d95&amp;scene=0#rd</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>mimikatz 2.1 20161126 发布<br><a target="_blank" href="http://www.mottoin.com/92735.html">http://www.mottoin.com/92735.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>我的WafBypass之道（SQL注入篇）<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/attachment/big_size/wafbypass_sql.pdf">https://xianzhi.aliyun.com/forum/attachment/big_size/wafbypass_sql.pdf</a></div><div class="single"><span id="tags">[会议]&nbsp;&nbsp;</span>带你走进维也纳版的CCS2016（现场报告点评五）<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzA4ODYzMjU0NQ==&amp;mid=2652307046&amp;idx=1&amp;sn=77c4e3c0d6fa1af88f011671bc02ffcc&amp;chksm=8bc563e8bcb2eafe7b81ad79531d61a530f6c83a8ef216c143f54ec141d81fd1cf32d0bc8325&amp;scene=0#rd">http://mp.weixin.qq.com/s?__biz=MzA4ODYzMjU0NQ==&amp;mid=2652307046&amp;idx=1&amp;sn=77c4e3c0d6fa1af88f011671bc02ffcc&amp;chksm=8bc563e8bcb2eafe7b81ad79531d61a530f6c83a8ef216c143f54ec141d81fd1cf32d0bc8325&amp;scene=0#rd</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Winmail最新直达webshell 0day漏洞挖掘实录<br><a target="_blank" href="http://www.91ri.org/16519.html">http://www.91ri.org/16519.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>比一比Nmap、Zmap、Masscan三种扫描工具 <br><a target="_blank" href="http://www.arkteam.net/?p=1328">http://www.arkteam.net/?p=1328</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Kaitai Web IDE：在线多种文件格式分析<br><a target="_blank" href="https://kt.pe/kaitai_struct_webide/">https://kt.pe/kaitai_struct_webide/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Nginx权限提升漏洞(CVE-2016-1247) 分析<br><a target="_blank" href="http://blog.knownsec.com/2016/11/nginx%e6%9d%83%e9%99%90%e6%8f%90%e5%8d%87%e6%bc%8f%e6%b4%9ecve-2016-1247-%e5%88%86%e6%9e%90/">http://blog.knownsec.com/2016/11/nginx%e6%9d%83%e9%99%90%e6%8f%90%e5%8d%87%e6%bc%8f%e6%b4%9ecve-2016-1247-%e5%88%86%e6%9e%90/</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>deep-pwning: Metasploit for machine learning.<br><a target="_blank" href="https://github.com/cchio/deep-pwning">https://github.com/cchio/deep-pwning</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>TECHNICAL TEARDOWN: EXPLOIT &amp; MALWARE IN .HWP FILES<br><a target="_blank" href="http://www.vxsecurity.sg/2016/11/22/technical-teardown-exploit-malware-in-hwp-files/">http://www.vxsecurity.sg/2016/11/22/technical-teardown-exploit-malware-in-hwp-files/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>挖掘PHP禁用函数绕过利用姿势 <br><a target="_blank" href="http://blog.th3s3v3n.xyz/2016/11/20/web/%E6%8C%96%E6%8E%98PHP%E7%A6%81%E7%94%A8%E5%87%BD%E6%95%B0%E7%BB%95%E8%BF%87%E5%88%A9%E7%94%A8%E5%A7%BF%E5%8A%BF/">http://blog.th3s3v3n.xyz/2016/11/20/web/%E6%8C%96%E6%8E%98PHP%E7%A6%81%E7%94%A8%E5%87%BD%E6%95%B0%E7%BB%95%E8%BF%87%E5%88%A9%E7%94%A8%E5%A7%BF%E5%8A%BF/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Nginx 配置简述 <br><a target="_blank" href="http://www.barretlee.com/blog/2016/11/19/nginx-configuration-start/">http://www.barretlee.com/blog/2016/11/19/nginx-configuration-start/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>一个价值7500刀的Chrome UXSS（CVE-2016-1631）分析与利用 <br><a target="_blank" href="http://avfisher.win/archives/619">http://avfisher.win/archives/619</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>It’s Parliamentary: KeyBoy and the targeting of the Tibetan Community<br><a target="_blank" href="https://citizenlab.org/2016/11/parliament-keyboy/">https://citizenlab.org/2016/11/parliament-keyboy/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>httpscan: 一个爬虫式的网段Web主机发现小工具<br><a target="_blank" href="https://github.com/zer0h/httpscan">https://github.com/zer0h/httpscan</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>分析与总结常见勒索软件的加密算法<br><a target="_blank" href="http://www.freebuf.com/articles/database/120023.html">http://www.freebuf.com/articles/database/120023.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Zigbee 安全与 IoT 设备漏洞利用<br><a target="_blank" href="http://www.mottoin.com/92660.html">http://www.mottoin.com/92660.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>BScanner: 又一款轻量级的目录扫描器<br><a target="_blank" href="https://github.com/LoRexxar/BScanner">https://github.com/LoRexxar/BScanner</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>MobSF：自动化移动安全测试框架<br><a target="_blank" href="http://www.mottoin.com/92477.html">http://www.mottoin.com/92477.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>安全的进化论（二）：来说说态势感知 <br><a target="_blank" href="https://www.sec-un.org/%e5%ae%89%e5%85%a8%e7%9a%84%e8%bf%9b%e5%8c%96%e8%ae%ba%ef%bc%88%e4%ba%8c%ef%bc%89%ef%bc%9a%e6%9d%a5%e8%af%b4%e8%af%b4%e6%80%81%e5%8a%bf%e6%84%9f%e7%9f%a5.html">https://www.sec-un.org/%e5%ae%89%e5%85%a8%e7%9a%84%e8%bf%9b%e5%8c%96%e8%ae%ba%ef%bc%88%e4%ba%8c%ef%bc%89%ef%bc%9a%e6%9d%a5%e8%af%b4%e8%af%b4%e6%80%81%e5%8a%bf%e6%84%9f%e7%9f%a5.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>brut3k1t - Server-side Brute-force Module (ssh, ftp, smtp, facebook)<br><a target="_blank" href="http://www.kitploit.com/2016/11/brut3k1t-server-side-brute-force-module.html">http://www.kitploit.com/2016/11/brut3k1t-server-side-brute-force-module.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>通过二维码传输IP数据<br><a target="_blank" href="http://www.mottoin.com/92345.html">http://www.mottoin.com/92345.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>使用Docker镜像/容器分析已知漏洞<br><a target="_blank" href="http://www.mottoin.com/92339.html">http://www.mottoin.com/92339.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>java Deserialization Cheat Sheet<br><a target="_blank" href="https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet/">https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>黑客入侵ATM机的4种方法<br><a target="_blank" href="http://www.mottoin.com/92434.html">http://www.mottoin.com/92434.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>值得关注的安全行业Twitter<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MjM5NDM1OTM0Mg==&amp;mid=2651050360&amp;idx=1&amp;sn=4c68808b7365b20f8a72340432337d8e&amp;chksm=bd7f80398a08092f649306addbb32ada2e69bbaad8b8684add4484ac90f10b2439b14a525836&amp;mpshare=1&amp;scene=23&amp;srcid=1123G3edVZbSDpkdhYMQz4Tz#rd">http://mp.weixin.qq.com/s?__biz=MjM5NDM1OTM0Mg==&amp;mid=2651050360&amp;idx=1&amp;sn=4c68808b7365b20f8a72340432337d8e&amp;chksm=bd7f80398a08092f649306addbb32ada2e69bbaad8b8684add4484ac90f10b2439b14a525836&amp;mpshare=1&amp;scene=23&amp;srcid=1123G3edVZbSDpkdhYMQz4Tz#rd</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Feigong：针对各种情况自由变化的MySQL注入脚本<br><a target="_blank" href="https://github.com/LoRexxar/Feigong">https://github.com/LoRexxar/Feigong</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>awesome-iocs: 不错的IOC工具和数据发布站点<br><a target="_blank" href="https://github.com/sroberts/awesome-iocs">https://github.com/sroberts/awesome-iocs</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>各大Web扫描器的价格与扫描功能比较<br><a target="_blank" href="http://sectoolmarket.com/price-and-feature-comparison-of-web-application-scanners-opensource-list.html">http://sectoolmarket.com/price-and-feature-comparison-of-web-application-scanners-opensource-list.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>对嵌入式设备的逆向和漏洞利用：软件层 Part 1<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&amp;mid=2458280731&amp;idx=1&amp;sn=141e3f185b38d7ccede03a78c466c884&amp;chksm=b181539186f6da87d99599d05823e8f60d0c6d578706ea53a40e9a57ce0e7cd871c93e80cb1f&amp;scene=0#rd">http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&amp;mid=2458280731&amp;idx=1&amp;sn=141e3f185b38d7ccede03a78c466c884&amp;chksm=b181539186f6da87d99599d05823e8f60d0c6d578706ea53a40e9a57ce0e7cd871c93e80cb1f&amp;scene=0#rd</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>新手指南：DVWA-1.9全级别教程之SQL Injection<br><a target="_blank" href="http://www.freebuf.com/articles/web/120747.html">http://www.freebuf.com/articles/web/120747.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Hacking Aria2 RPC Daemon<br><a target="_blank" href="https://ricterz.me/posts/Hacking%20Aria2%20RPC%20Daemon?_=1479792710287">https://ricterz.me/posts/Hacking%20Aria2%20RPC%20Daemon?_=1479792710287</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Eagle: Eagle is a Web Application Attack and Audit Framework<br><a target="_blank" href="https://github.com/magerx/Eagle">https://github.com/magerx/Eagle</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>扎克伯克是对的，黑掉耳机更容易<br><a target="_blank" href="https://www.siliconrepublic.com/enterprise/hacking-earphones">https://www.siliconrepublic.com/enterprise/hacking-earphones</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>树莓派应用：无线扫描仪<br><a target="_blank" href="http://www.mottoin.com/92504.html">http://www.mottoin.com/92504.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>破解一款无线智能插座<br><a target="_blank" href="http://www.mottoin.com/92421.html">http://www.mottoin.com/92421.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>aws_pwn:A collection of AWS penetration testing junk<br><a target="_blank" href="https://github.com/dagrz/aws_pwn">https://github.com/dagrz/aws_pwn</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>InPage zero-day exploit used to attack financial institutions in Asia<br><a target="_blank" href="https://securelist.com/blog/research/76717/inpage-zero-day-exploit-used-to-attack-financial-institutions-in-asia/">https://securelist.com/blog/research/76717/inpage-zero-day-exploit-used-to-attack-financial-institutions-in-asia/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>浅谈Web前端僵尸网络 <br><a target="_blank" href="http://www.arkteam.net/?p=1364">http://www.arkteam.net/?p=1364</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Abusing of Protocols to Load Local Files, bypass the HTML5 Sandbox<br><a target="_blank" href="http://www.brokenbrowser.com/abusing-of-protocols/">http://www.brokenbrowser.com/abusing-of-protocols/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>WebMalwareScanner - A simple malware scanner<br><a target="_blank" href="https://github.com/maxlabelle/WebMalwareScanner">https://github.com/maxlabelle/WebMalwareScanner</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>A target specific wordlist generating tool for social engineers and security res<br><a target="_blank" href="https://github.com/tch1001/pwdlogy">https://github.com/tch1001/pwdlogy</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>【零知识证明】利用数据库查表瓶颈，对抗密码破解<br><a target="_blank" href="https://www.cnblogs.com/index-html/p/database-lookup-against-password-cracking.html">https://www.cnblogs.com/index-html/p/database-lookup-against-password-cracking.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>The Damn Vulnerable Router Firmware Project<br><a target="_blank" href="https://github.com/praetorian-inc/DVRF">https://github.com/praetorian-inc/DVRF</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>The Genesis of an XSS Worm – Part III<br><a target="_blank" href="http://brutelogic.com.br/blog/genesis-xss-worm-part-iii/">http://brutelogic.com.br/blog/genesis-xss-worm-part-iii/</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>构造一个支持多端口的中间人网络TAP<br><a target="_blank" href="http://www.mottoin.com/92353.html">http://www.mottoin.com/92353.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>NEET - 网络枚举和利用工具<br><a target="_blank" href="https://github.com/JonnyHightower/neet">https://github.com/JonnyHightower/neet</a></div><div class="single"><span id="tags">[杂志]&nbsp;&nbsp;</span>SecWiki周刊（第142期)<br><a target="_blank" href="https://www.sec-wiki.com/weekly/142">https://www.sec-wiki.com/weekly/142</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Python multiprocessing<br><a target="_blank" href="http://thief.one/2016/11/23/Python-multiprocessing/">http://thief.one/2016/11/23/Python-multiprocessing/</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>Brutal -- 用来快速生成 HID 设备多种攻击代码的工具<br><a target="_blank" href="http://www.kitploit.com/2016/11/brutal-toolkit-to-quickly-create.html">http://www.kitploit.com/2016/11/brutal-toolkit-to-quickly-create.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Building a Whitelist of Network Domains<br><a target="_blank" href="http://threatcrowd.blogspot.co.uk/2016/11/building-whitelist-of-network-domains.html">http://threatcrowd.blogspot.co.uk/2016/11/building-whitelist-of-network-domains.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Monitoring &#039;DNS&#039; inside the Tor network<br><a target="_blank" href="http://blog.0x3a.com/post/153468210759/monitoring-dns-inside-the-tor-network">http://blog.0x3a.com/post/153468210759/monitoring-dns-inside-the-tor-network</a></div></section>
<section id="news">
        <pre style="margin-top: 15px; margin-bottom: 15px; padding: 6px 10px; max-width: 100%; color: rgb(62, 62, 62); background-color: rgb(255, 255, 255); -webkit-print-color-adjust: exact; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204); font-size: 13px; line-height: 19px; overflow: auto; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;"><code class="" style="max-width: 100%; -webkit-print-color-adjust: exact; border-width: initial; border-style: none; border-color: initial; background-color: transparent; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;">-----微信ID：SecWiki-----
SecWiki，5年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com</code></pre>
    <p style="max-width: 100%; min-height: 1em; color: rgb(62, 62, 62); font-size: 16px; white-space: normal; background-color: rgb(255, 255, 255); box-sizing: border-box !important; word-wrap: break-word !important;"><span style="max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">本期原文地址:<span style="max-width: 100%; font-family: Helvetica, arial, sans-serif; box-sizing: border-box !important; word-wrap: break-word !important;">&nbsp;<a href="https://www.sec-wiki.com/weekly/143">SecWiki周刊(第143期)</a></span><br style="max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"></span></p>
</section>
    </div><!-- content -->
</div>
    </div>
</div>

<div id="footer" class="footer">
		<div class="container"  style="margin-top: 5px;">
			<div class="span3">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">最新公告</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='http://www.sec-wiki.com/about/donate'>2016-01-01 打赏功能开通</a><br>
						<a href='http://www.sec-wiki.com/about/join'>2015-01-05 如何加入SecWiki</a><br>
						<a href='http://www.sec-wiki.com/about/submit'>2014-08-08 如何快捷提交资讯</a><br>
						<a href='http://www.sec-wiki.com/about/index'>2012-07-01 关于SecWiki</a><br>
				</div>
			</div>

			<div class="span5">
				<div class="one-third column">
					<h5 class="title">
						<a target="_blank" href="/nav/index">友情链接</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='https://www.secsilo.com/'>安全沙漏</a>&nbsp;
						<a href='http://www.freebuf.com/'>Freebuf</a>&nbsp;
						<a href='http://www.anquanquan.info/'>安全圈</a>&nbsp;
						<a href='http://navisec.it/'>Navisec</a>&nbsp;
                        <a href='http://das.scusec.org'>小黑屋</a>&nbsp;
                        <a href='http://www.polaris-lab.com/'>勾陈Lab</a>
                        <br>
						<a href='http://www.ijiandao.com'>网络尖刀</a>&nbsp;
                        <a href='http://www.shellpub.com/'>ShellPub</a>&nbsp;
                        <a href='http://www.secpulse.com/?secwiki'>SecPulse</a>&nbsp;
                        <a href='https://www.secquan.org/'>圈子</a>
                        <a href='http://bluereader.org/'>深蓝阅读</a>&nbsp;<br>
                        <a href='http://www.bugbank.cn/'>漏洞银行</a>
                        <a href='http://bobao.360.cn/'>安全客</a>
                        <a href='http://www.secfree.com/'>指尖安全</a>
                        <a href='https://www.easyaq.com/'>E安全</a>
                        <a href='http://www.vipread.com/'>安全slide</a>

                        <a href="/link">更多</a>
					</p>
				</div>
			</div>

			<div class="span2">
			    <div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">SecWiki公众号</a>						<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/weixin.jpg">
					</div>
				</div>
			</div>

			<div class="span2">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/donate">安全学术圈</a>					<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/secquan.jpg">
					</div>
				</div>
			</div>

		</div>
		<div class="container" style="margin-top:5px;margin-bottom: 10px;">
			<div class="span9">
					Copyright &copy;
					2019                    琼ICP备16003361号-4
                    SecWiki
					<a href="/news/rss">
						<img src="/img/rss.gif" border="0" width="36px" height="14px" alt="订阅SecWiki">
					</a>
					<a href="https://www.upyun.com/">
						<img src="https://secwiki.b0.upaiyun.com/upyun.png" width="80" border="0" alt="UPYUN">
					</a>
					<a href="http://www.vultr.com/?ref=6885244">
						<img src="https://secwiki.b0.upaiyun.com/vultr.png" width="100" border="0" alt="vultr">
					</a>&nbsp;&nbsp;
			</div>
		</div>
</div><!-- footer -->
<div id="csswithjs">
        <script type="text/javascript">
            var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
            document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fbad84ea1f314383f8da7949aad5c2199' type='text/javascript'%3E%3C/script%3E"));
    </script>
</div>
<script type="text/javascript" src="https://secwiki.b0.upaiyun.com/js/bs.min.js"></script>
<script type="text/javascript">
/*<![CDATA[*/
jQuery(function($) {
jQuery('[data-toggle=popover]').popover();
jQuery('body').tooltip({"selector":"[data-toggle=tooltip]"});
jQuery('#yii_bootstrap_collapse_0').collapse({'parent':false,'toggle':false});
});
/*]]>*/
</script>
</body>
<!-- page -->
</html>
